WebSphere Application Server & Liberty

WebSphere Application Server & Liberty

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Rmi Registry Vulnerability

    Posted Wed April 27, 2016 02:23 AM

    Hello,

    We had just done a penetration test and it says you should block rmi registry port 1099. I am not sure what if we block that port or set -Djava.rmi.server.useCodebaseOnly=false in production.

    We have WAS 7.0 and 8.5 versions on effected servers and java and javac version is 1.7.0_45. Do you have any idea if we block that port, do we encounter any problem in production and do you suggest another way in order to disallow loading of classes from a remote URL.

    Besides that, we have been informed that, this vulnerability is seen just for 3 servers. I did not see that port in LISTEN mode for any server except for these 3 servers.

    Thank you for your time.

    GG



  • 2.  RE: Rmi Registry Vulnerability

    Posted Wed May 18, 2016 09:17 AM

    Hi Guney,

      Please review your servers ports from adminconsole and check if you have some of then configured to 1099.

      Server->SERVERNAME->ports

      Are 3 servers been monitored with VisualVM or any type of JMX connection? review if you have as JMV properties something like -Dcom.sun.management.jmxremote.port=1099

      Hope this helps. Tell us if you need more support.

    Regards,



Related Content